AMENDMENTS TO THE CLAIMS 

The following listing of claims will replace all prior versions and listings of claims 
in the application. 

Listing Of Claims 

1 - 22. (Cancelled) 

23. {Previously presented) The security system as recited in claim 34, 
wherein the onboard security management system further operates to provide an alert 
message to the terrestrial-based system when an intrusion event is detected. 

24-25. (Cancelled) 

26. (Previously presented) The security system recited in claim 34, wherein 
said status indication provides a status of a current operational state of each one of a 
plurality of network user access points of the onboard network. 

27. (Previously presented) The security system recited in claim 26, wherein 
the indication indicates one of: 

a normal operational state; 

a suspect operational state wherein an intrusion event is suspected; and 
a disconnect state in which access by a user of a specific access point on the 
onboard network is prevented. 
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28-33. (Cancelled) 



34. (Currently Amended) In a mobile platform, a security system for 
monitoring an onboard communication system communicating with a terrestrial-based 
system over an intermittent link, the security system comprising: 

an onboard communication network accessible [[to]] for use by a plurality of 
users onboard the mobile platform; 

an intrusion detection system onboard the mobile platform for monitoring use of 
the onboard network for detecting if a potential intrusion event has occurred by one of 
the plurality of users onboard the mobile platform; and 

an onboard security management system responsive to the intrusion detection 
system for initiating an action to address the potential intrusion event, based on a set of 
security policies, the action able to be directed to at least a selected one of a plurality of 
user access points on the onboard network, the set of securit y policies defining the 
action as inltiatable subject to an override of the action through the terrestrial-based 
system and as changeable, when the intermittent link makes communication with the 
terrestrial-based system unavailable, to restore a previous policy-defined state of the 
selected user access point; 

and the onboard security management system receives updates to said security 
policies from the terrestrial-based system while when said intermittent link is 
operational; 

wherein the action includes one of: 
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notifying a particular user on the onboard network that a suspected 
intrusion event has occurred; or 

blocking access by the particular user to the onboard network; 
the security system further provides a status indication as to a status of the 
onboard network. 

35. (Canceled) 

36. (Previously Presented) The security system recited in claim 34, wherein 
the onboard security management system notifies the terrestrial-based system that a 
potential intrusion event has occurred. 

37. (Previously Presented) The security system recited in claim 34, where the 
action taken by the onboard security management system further includes installing a 
network traffic blocking filter on said user access point on which a potential intrusion 
event has occurred. 

38. (Currently Amended) A method for monitoring an onboard network on a 
mobile platform, i n wh i ch th e onboard n e twork is in int er mitt e nt communication with a 
t e rr e stf4 a i - b a s e d ~ SYst e m 7 the method comprising: 

providing a plurality of network access points to users on the mobile platform , the 
access p oints ca pable of providing access by user devices to an onboard network 
configured to communicate with a terres trial-base d system over an intermittent link; 
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monitoring the onboard network to detect an intrusion event made by at least one 
of the users on the mobile platform; 

using a security management system onboard the mobile platform, and 
responsive to notification of an intrusion event, to in i tiat e initiating a security action to 
address the intrusion event, in accordance with a set of security policies, where the 
security action can be directed to one or more selected access points on the network; 
and 

indicating an operational status of the network, and-updating the se curity po l ici e s 
w hile the onboa rd network is in communication w i th th e t e rr e stria l- bas e d system ov e r 
an int e rmitt e nt link the operational status resulting from the initiated action when the 
intermittent link prevents communication with the terrestrial-based system, the set of 
security policies defining the status as chan geable based on whether the intermittent 
link makes input from the terrestrial-based system available for transitioning the one or 
more selected user access points into an auto-response disabled state, 

39. (Canceled) 
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